This is an automated email from the ASF dual-hosted git repository.

fschumacher pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 937b156  Guard new escape routines for null values
937b156 is described below

commit 937b1568afa18f410c6664214246e010c661d419
Author: Felix Schumacher <fschumac...@apache.org>
AuthorDate: Sat May 15 14:06:21 2021 +0200

    Guard new escape routines for null values
    
    NPE in JNDIRealm, when userRoleAttribute is not set.
    Plus add path to UnboundID SDK to the Eclipse and Intellij
    classpath settings.
    
    Bugzilla Id: 63508
---
 java/org/apache/catalina/realm/JNDIRealm.java      |  6 ++++
 res/ide-support/eclipse/eclipse.classpath          |  1 +
 res/ide-support/idea/tomcat.iml                    |  9 +++++
 .../catalina/realm/TestJNDIRealmIntegration.java   | 42 ++++++++++++++++------
 webapps/docs/changelog.xml                         |  8 +++++
 5 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java 
b/java/org/apache/catalina/realm/JNDIRealm.java
index 5648201..315d9e6 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -2789,6 +2789,9 @@ public class JNDIRealm extends RealmBase {
      * @return String the escaped/encoded result
      */
     protected String doFilterEscaping(String inString) {
+        if (inString == null) {
+            return null;
+        }
         StringBuilder buf = new StringBuilder(inString.length());
         for (int i = 0; i < inString.length(); i++) {
             char c = inString.charAt(i);
@@ -2881,6 +2884,9 @@ public class JNDIRealm extends RealmBase {
      * @return      The string representation of the attribute value
      */
     protected String doAttributeValueEscaping(String input) {
+        if (input == null) {
+            return null;
+        }
         int len = input.length();
         StringBuilder result = new StringBuilder();
 
diff --git a/res/ide-support/eclipse/eclipse.classpath 
b/res/ide-support/eclipse/eclipse.classpath
index cf76744..c7985ef 100644
--- a/res/ide-support/eclipse/eclipse.classpath
+++ b/res/ide-support/eclipse/eclipse.classpath
@@ -30,5 +30,6 @@
     <classpathentry kind="var" 
path="TOMCAT_LIBS_BASE/cglib-3.3.0/cglib-nodep-3.3.0.jar"/>
     <classpathentry kind="var" 
path="TOMCAT_LIBS_BASE/objenesis-3.1/objenesis-3.1.jar"/>
     <classpathentry kind="var" 
path="TOMCAT_LIBS_BASE/bnd-5.3.0/biz.aQute.bnd-5.3.0.jar"/>
+    <classpathentry kind="var" 
path="TOMCAT_LIBS_BASE/unboundid-5.1.4/unboundid-ldapsdk-5.1.4.jar"/>
     <classpathentry kind="output" path=".settings/output"/>
 </classpath>
diff --git a/res/ide-support/idea/tomcat.iml b/res/ide-support/idea/tomcat.iml
index ae752a6..b211df2 100644
--- a/res/ide-support/idea/tomcat.iml
+++ b/res/ide-support/idea/tomcat.iml
@@ -119,6 +119,15 @@
         <SOURCES />
       </library>
     </orderEntry>
+    <orderEntry type="module-library">
+      <library>
+        <CLASSES>
+          <root 
url="jar://$TOMCAT_BUILD_LIBS$/unboundid-5.1.4/unboundid-ldapsdk-5.1.4.jar!/" />
+        </CLASSES>
+        <JAVADOC />
+        <SOURCES />
+      </library>
+    </orderEntry>
 
   </component>
 </module>
diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java 
b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
index e52d7c2..99d537d 100644
--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -58,26 +58,33 @@ public class TestJNDIRealmIntegration {
     @Parameterized.Parameters(name = "{index}: user[{5}], pwd[{6}]")
     public static Collection<Object[]> parameters() {
         List<Object[]> parameterSets = new ArrayList<>();
-        for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B, 
ROLE_SEARCH_C }) {
-            addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, 
parameterSets);
-            addUsers(null, USER_SEARCH, USER_BASE, roleSearch, ROLE_BASE, 
parameterSets);
+        for (String userRoleAttribute : new String[] { "cn", null }) {
+            for (String roleSearch : new String[] { ROLE_SEARCH_A, 
ROLE_SEARCH_B, ROLE_SEARCH_C }) {
+                if (userRoleAttribute != null) {
+                    addUsers(USER_PATTERN, null, null, roleSearch, ROLE_BASE, 
userRoleAttribute, parameterSets);
+                    addUsers(null, USER_SEARCH, USER_BASE, roleSearch, 
ROLE_BASE, userRoleAttribute, parameterSets);
+                }
+            }
+            parameterSets.add(new Object[] { 
"cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
+                    "{3},ou=people,dc=example,dc=com", "testsub", "test", new 
String[] { "TestGroup4" },
+                    userRoleAttribute });
         }
-        parameterSets.add(new Object[] { 
"cn={0},ou=s\\;ub,ou=people,dc=example,dc=com", null, null, ROLE_SEARCH_A,
-                "{3},ou=people,dc=example,dc=com", "testsub", "test", new 
String[] {"TestGroup4"} });
         return parameterSets;
     }
 
 
     private static void addUsers(String userPattern, String userSearch, String 
userBase, String roleSearch,
-            String roleBase, List<Object[]> parameterSets) {
+            String roleBase, String userRoleAttribute, List<Object[]> 
parameterSets) {
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, 
roleSearch, roleBase,
-                "test", "test", new String[] {"TestGroup"} });
+                "test", "test", new String[] {"TestGroup"}, userRoleAttribute 
});
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, 
roleSearch, roleBase,
-                "t;", "test", new String[] {"TestGroup"} });
+                "t;", "test", new String[] {"TestGroup"}, userRoleAttribute });
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, 
roleSearch, roleBase,
-                "t*", "test", new String[] {"TestGroup"} });
+                "t*", "test", new String[] {"TestGroup"}, userRoleAttribute });
         parameterSets.add(new Object[] { userPattern, userSearch, userBase, 
roleSearch, roleBase,
-                "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"} });
+                "t=", "test", new String[] {"Test<Group*2", "Test>Group*3"}, 
userRoleAttribute });
+        parameterSets.add(new Object[] { userPattern, userSearch, userBase, 
roleSearch, roleBase,
+                "norole", "test", new String[0], userRoleAttribute });
     }
 
 
@@ -97,6 +104,8 @@ public class TestJNDIRealmIntegration {
     public String credentials;
     @Parameter(7)
     public String[] groups;
+    @Parameter(8)
+    public String realmConfigUserRoleAttribute;
 
     @Test
     public void testAuthenication() throws Exception {
@@ -107,7 +116,7 @@ public class TestJNDIRealmIntegration {
         realm.setUserPattern(realmConfigUserPattern);
         realm.setUserSearch(realmConfigUserSearch);
         realm.setUserBase(realmConfigUserBase);
-        realm.setUserRoleAttribute("cn");
+        realm.setUserRoleAttribute(realmConfigUserRoleAttribute);
         realm.setRoleName("cn");
         realm.setRoleBase(realmConfigRoleBase);
         realm.setRoleSearch(realmConfigRoleSearch);
@@ -203,6 +212,17 @@ public class TestJNDIRealmIntegration {
             result = conn.processOperation(addUserTestEquals);
             Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
 
+            AddRequest addUserNoRole = new AddRequest(
+                    "dn: cn=norole,ou=people,dc=example,dc=com",
+                    "objectClass: top",
+                    "objectClass: person",
+                    "objectClass: organizationalPerson",
+                    "cn: norole",
+                    "sn: No Role",
+                    "userPassword: test");
+            result = conn.processOperation(addUserNoRole);
+            Assert.assertEquals(ResultCode.SUCCESS, result.getResultCode());
+
             AddRequest addGroupTest = new AddRequest(
                     "dn: cn=TestGroup,ou=people,dc=example,dc=com",
                     "objectClass: top",
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5408c65..8d5f8d9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,6 +104,14 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 9.0.47 (markt)" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>
+        <bug>63508</bug>: NPE in JNDIRealm when no 
<code>userRoleAttribute</code>
+        is given. (fschumacher)
+      </fix>
+    </changelog>
+  </subsection>
   <subsection name="Coyote">
     <changelog>
       <fix>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to